Last active
August 28, 2024 05:35
-
-
Save MahmoudSayed96/8ea0e5c2bc3ca1c748fda3c6765de385 to your computer and use it in GitHub Desktop.
Drupal 8 rest custom login resource, return session data to build cookie in frontend, missing csrf (can be obtained at /rest/session/token). !!! This is a POST resource, so '$ drush cr', enable resource, and add a permission for anonymous role.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
namespace Drupal\custom_rest_api\Plugin\rest\resource; | |
use Drupal\Core\Session\AccountProxyInterface; | |
use Drupal\rest\ModifiedResourceResponse; | |
use Drupal\rest\Plugin\ResourceBase; | |
use Psr\Log\LoggerInterface; | |
use Symfony\Component\DependencyInjection\ContainerInterface; | |
use Drupal\Core\Session\SessionManagerInterface; | |
use Drupal\Core\Extension\ModuleHandlerInterface; | |
use Drupal\Core\Password\PasswordInterface; | |
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; | |
/** | |
* Represents Custom login resource records as resources. | |
* | |
* @RestResource ( | |
* id = "custom_rest_api_custom_login_resource", | |
* label = @Translation("Custom login resource"), | |
* uri_paths = { | |
* "create" = "/api/custom/login" | |
* } | |
* ) | |
* | |
* @DCG | |
* This plugin exposes database records as REST resources. In order to enable it | |
* import the resource configuration into active configuration storage. You may | |
* find an example of such configuration in the following file: | |
* core/modules/rest/config/optional/rest.resource.entity.node.yml. | |
* Alternatively you can make use of REST UI module. | |
* @see https://www.drupal.org/project/restui | |
* For accessing Drupal entities through REST interface use | |
* \Drupal\rest\Plugin\rest\resource\EntityResource plugin. | |
*/ | |
class CustomLoginResource extends ResourceBase { | |
/** | |
* A current user instance. | |
* | |
* @var \Drupal\Core\Session\AccountProxyInterface | |
*/ | |
protected $currentUser; | |
protected $sessionManager; | |
protected $moduleHandler; | |
protected $password; | |
/** | |
* Constructs a new CustomLoginResource object. | |
* | |
* @param array $configuration | |
* A configuration array containing information about the plugin instance. | |
* @param string $plugin_id | |
* The plugin_id for the plugin instance. | |
* @param mixed $plugin_definition | |
* The plugin implementation definition. | |
* @param array $serializer_formats | |
* The available serialization formats. | |
* @param \Psr\Log\LoggerInterface $logger | |
* A logger instance. | |
* @param \Drupal\Core\Session\AccountProxyInterface $current_user | |
* A current user instance. | |
*/ | |
public function __construct( | |
array $configuration, | |
$plugin_id, | |
$plugin_definition, | |
array $serializer_formats, | |
LoggerInterface $logger, | |
AccountProxyInterface $current_user, | |
SessionManagerInterface $session_manager, | |
ModuleHandlerInterface $module_handler, | |
PasswordInterface $password) { | |
parent::__construct($configuration, $plugin_id, $plugin_definition, $serializer_formats, $logger); | |
$this->currentUser = $current_user; | |
$this->sessionManager = $session_manager; | |
$this->moduleHandler = $module_handler; | |
$this->password = $password; | |
} | |
/** | |
* {@inheritdoc} | |
*/ | |
public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { | |
return new static( | |
$configuration, | |
$plugin_id, | |
$plugin_definition, | |
$container->getParameter('serializer.formats'), | |
$container->get('logger.factory')->get('exp_fs'), | |
$container->get('current_user'), | |
$container->get('session_manager'), | |
$container->get('module_handler'), | |
$container->get('password') | |
); | |
} | |
/** | |
* Responds to POST requests. | |
* | |
* @return \Drupal\rest\ModifiedResourceResponse | |
* The HTTP response object. | |
* | |
* @throws \Symfony\Component\HttpKernel\Exception\HttpException | |
* Throws exception expected. | |
*/ | |
public function post($data) { | |
$this->validate($data); | |
$pass_check = FALSE; | |
$name = $data['name']; | |
$pass = $data['pass']; | |
$account = user_load_by_name(trim($name)); | |
if ($account) { | |
$pass_check = $this->password->check(trim($pass), $account->getPassword()); | |
} | |
else { | |
$body = [ | |
'error' => 'Wrong username and/or password.', | |
]; | |
} | |
if ($pass_check == FALSE) { | |
$body = [ | |
'error' => 'Wrong username and/or password..', | |
]; | |
} | |
else { | |
$session = \Drupal::service('session'); | |
$session->migrate(); | |
$session->set('uid', $account->id()); | |
$this->moduleHandler->invokeAll('user_login', [$account]); | |
user_login_finalize($account); | |
$sess_name = $this->sessionManager->getName(); | |
$sess_id = $this->sessionManager->getId(); | |
$body = [ | |
'sess_name' => $sess_name, | |
'sess_id' => $sess_id, | |
'current_user' => [ | |
'name' => $account->getAccountName(), | |
'uid' => $account->id(), | |
'roles' => $account->getRoles(), | |
], | |
]; | |
} | |
return new ModifiedResourceResponse($body, 200); | |
} | |
/** | |
* Validates incoming record. | |
* | |
* @param mixed $record | |
* Data to validate. | |
* | |
* @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException | |
*/ | |
protected function validate($record) { | |
if (!is_array($record) || count($record) == 0) { | |
throw new BadRequestHttpException(t('No record content received')); | |
} | |
if (empty($record['name'])) { | |
throw new BadRequestHttpException(t('name id is required')); | |
} | |
if (empty($record['pass'])) { | |
throw new BadRequestHttpException(t('Password date is required')); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment